I am pleased to report that the Juniper Networks Secure Access (SA) SSL VPN and UAC Network Access Control solutions have been re-certified and these solutions are now listed on the Unified Capabilities Approved Product List (UC APL) in updated versions. The previous SA version certified was SA 7.1 and the previous UAC version certified was 4.1. These new certifications are for SA 8.0 and UAC 5.0. Included in these certifications are first time certifications for the Pulse Desktop 5.0 client and the Pulse Mobile 5.0 client. The Network Connect client is also recertified in version 8.0.
So what value is created for the Department of Defense by these certifications?
Simply put an expanded number of deployment options and new capabilities.
These certifications include new platforms for the DoD. The previous SA 7.1 certification was limited to the SA4500FIPS and SA6500FIPS appliances. The new SA 8.0 certification includes these legacy appliances, but also includes the MAG family of appliances- MAG2600, MAG4610, MAG6610, and MAG6611. In addition, the virtual appliance version of Secure Access.
The SA 8.0 certification memo for the legacy appliances is available here and the SA 8.0 certification memo on the MAG and Virtual Appliance is available here.
The previous UAC 4.1 certification was limited to the IC6500FIPS appliance. The UAC 5.0 certification includes the IC6500FIPS appliance, but also includes the MAG family of appliances and the virtual appliance. While the legacy appliances were dedicated to either the SA application or the UAC application, the higher end MAG6610 and MAG6611 appliances will allow both the SA and the UAC applications to be deployed simultaneously on the same appliance.
The UAC 5.0 certification memo for the legacy appliance is available here and the UAC 5.0 certification for the MAG and Virtual Appliance is available here.
The certification of the most recent versions of SA and UAC bring a number of valuable new capabilities to DoD users. Many of these I have blogged about in the past. Some important new capabilities available in the new versions are-
IPv6 SSL VPN support
Support for TLS 1.2
Support for Suite B Ciphers for TLS
Support for Ephemeral keys (Forward Secrecy)
The FIPS 140-2 certified, unified Pulse desktop client for SSL VPN and Network Access Control
A FIPS 140-2 certified SSL VPN client for Apple iOS and Android mobile devices
A simplified implementation of FIPS in the MAG and virtual appliances
Support for SNMPv3 and NTP Authentication
The SA 8.0 and UAC 5.0 applications have been tested by the DISA Public Key Enabled Applications test lab and have demonstrated that they meet all the DoD Public Key Infrastructure (PKI) requirements.
DoD users can immediately take advantage of all these new capabilities.